liu.seSearch for publications in DiVA
Change search
Link to record
Permanent link

Direct link
BETA
Abidin, Aysajan
Publications (10 of 10) Show all publications
Pacher, C., Abidin, A., Lorünser, T., Peev, M., Ursin, R., Zeilinger, A. & Larsson, J.-Å. (2016). Attacks on quantum key distribution protocols that employ non-ITS authentication. Quantum Information Processing, 15(1), 327-362
Open this publication in new window or tab >>Attacks on quantum key distribution protocols that employ non-ITS authentication
Show others...
2016 (English)In: Quantum Information Processing, ISSN 1570-0755, E-ISSN 1573-1332, Vol. 15, no 1, p. 327-362Article in journal (Refereed) Published
Abstract [en]

We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not Information-Theoretically Secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced it was shown to prevent straightforward Man-In-The-Middle (MITM) attacks against QKD protocols.

In this paper, we prove that the set of messages that collide with any given message under this authentication code contains with high probability a message that has small Hamming distance to any other given message. Based on this fact we present extended MITM attacks against different versions of BB84 QKD protocols using the addressed authentication code; for three protocols we describe every single action taken by the adversary. For all protocols the adversary can obtain complete knowledge of the key, and for most protocols her success probability in doing so approaches unity.

Since the attacks work against all authentication methods which allow to calculate colliding messages, the underlying building blocks of the presented attacks expose the potential pitfalls arising as a consequence of non-ITS authentication in QKDpostprocessing. We propose countermeasures, increasing the eavesdroppers demand for computational power, and also prove necessary and sufficient conditions for upgrading the discussed authentication code to the ITS level.

Place, publisher, year, edition, pages
Springer Publishing Company, 2016
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-91260 (URN)10.1007/s11128-015-1160-4 (DOI)000372876800020 ()
Projects
ICG QC
Note

Vid tiden för disputation förelåg publikationen som manuskript

Funding agencies: Vienna Science and Technology Fund (WWTF) [ICT10-067]; Austrian Research Promotion Agency (FFG) [Bridge-2364544]

Available from: 2013-04-18 Created: 2013-04-18 Last updated: 2019-08-15Bibliographically approved
Abidin, A. & Larsson, J.-Å. (2014). Direct proof of security of Wegman-Carter authentication with partially known key. Quantum Information Processing, 13(10), 2155-2170
Open this publication in new window or tab >>Direct proof of security of Wegman-Carter authentication with partially known key
2014 (English)In: Quantum Information Processing, ISSN 1570-0755, E-ISSN 1573-1332, Vol. 13, no 10, p. 2155-2170Article in journal (Refereed) Published
Abstract [en]

Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman& Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal2 hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the Universal Composability (UC) framework. We find that if the authentication procedure has a failure probability ε and the authentication key has an ε´ trace distance to the uniform, then under ITS, the adversary’s success probability conditioned on an authentic message-tag pair is only bounded by ε +|Ƭ|ε´, where |Ƭ| is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to |Ƭ|ε´ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than ε + ε´. This proves that the scheme is (ε + ε´)-UC-secure, without using the composability theorem.

Place, publisher, year, edition, pages
Springer, 2014
Keywords
Authentication, Strongly Universal hash functions, Partially known key, Trace distance, Universal Composability, Quantum Key Distribution.
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:liu:diva-91264 (URN)10.1007/s11128-013-0641-6 (DOI)000341842000002 ()
Projects
ICG QC
Available from: 2013-04-18 Created: 2013-04-18 Last updated: 2017-12-06Bibliographically approved
Abidin, A. (2013). Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions. (Doctoral dissertation). Linköping: Linköping University Electronic Press
Open this publication in new window or tab >>Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions
2013 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Quantum Key Distribution (QKD) is a secret key agreement technique that consists of two parts: quantum transmission and measurement on a quantum channel, and classical post-processing on a public communication channel. It enjoys provable unconditional security provided that the public communication channel is immutable. Otherwise, QKD is vulnerable to a man-in-the-middle attack. Immutable public communication channels, however, do not exist in practice. So we need to use authentication that implements the properties of an immutable channel as well as possible. One scheme that serves this purpose well is the Wegman-Carter authentication (WCA), which is built upon Almost Strongly Universal2 (ASU2) hashing. This scheme uses a new key in each authentication attempt to select a hash function from an ASU2 family, which is then used to generate the authentication tag for a message.

The main focus of this dissertation is on authentication in the context of QKD. We study ASU2 hash functions, security of QKD that employs a computationally secure authentication, and also security of authentication with a partially known key. Specifically, we study the following.

First, Universal hash functions and their constructions are reviewed, and as well as a new construction of ASU2 hash functions is presented. Second, security of QKD that employs a specific computationally secure authentication is studied. We present detailed attacks on various practical implementations of QKD that employs this authentication. We also provide countermeasures and prove necessary and sufficient conditions for upgrading the security of the authentication to the level of unconditional security. Third, Universal hash function based multiple authentication is studied. This uses a fixed ASU2 hash function followed by one-time pad encryption, to keep the hash function secret. We show that the one-time pad is necessary in every round for the authentication to be unconditionally secure. Lastly, we study security of the WCA scheme, in the case of a partially known authentication key. Here we prove tight information-theoretic security bounds and also analyse security using witness indistinguishability as used in the Universal Composability framework.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2013. p. 55
Series
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 1517
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-91265 (URN)978-91-7519-625-1 (ISBN)
Public defence
2013-05-17, Visionen, B-huset, Campus Valla, Linköpings universitet, Linköping, 13:15 (English)
Opponent
Supervisors
Projects
ICG QC
Available from: 2013-04-18 Created: 2013-04-18 Last updated: 2016-08-31Bibliographically approved
Abidin, A. & Larsson, J.-Å. (2012). New Universal Hash Functions. In: Frederik Armknecht and Stefan Lucks (Ed.), Lecture Notes in Computer Science, Vol. 7242: . Paper presented at 4th Western European Workshop on Research in Cryptology, WEWoRC 2011, Weimar, Germany, July 20-22, 2011 (pp. 99-108). Springer Berlin Heidelberg
Open this publication in new window or tab >>New Universal Hash Functions
2012 (English)In: Lecture Notes in Computer Science, Vol. 7242 / [ed] Frederik Armknecht and Stefan Lucks, Springer Berlin Heidelberg , 2012, p. 99-108Conference paper, Published paper (Refereed)
Abstract [en]

Universal hash functions are important building blocks for unconditionally secure message authentication codes. In this paper, we present a new construction of a class of Almost Strongly Universal hash functions with much smaller description (or key) length than the Wegman-Carter construction. Unlike some other constructions, our new construction has a very short key length and a security parameter that is independent of the message length, which makes it suitable for authentication in practical applications such as Quantum Cryptography.

Place, publisher, year, edition, pages
Springer Berlin Heidelberg, 2012
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 7242
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:liu:diva-84711 (URN)10.1007/978-3-642-34159-5_7 (DOI)978-3-642-34158-8 (ISBN)978-3-642-34159-5 (ISBN)
Conference
4th Western European Workshop on Research in Cryptology, WEWoRC 2011, Weimar, Germany, July 20-22, 2011
Projects
ICG QC
Available from: 2012-10-18 Created: 2012-10-17 Last updated: 2018-01-31
Abidin, A. (2012). On Security of Universal Hash Function Based Multiple Authentication. In: Chim, Tat Wing and Yuen, Tsz Hon (Ed.), Lecture Notes in Computer Science, Vol. 7618: . Paper presented at 14th International Conference on Information and Communications Security, ICICS 2012, Hong Kong, China, October 29-31, 2012 (pp. 303-310).
Open this publication in new window or tab >>On Security of Universal Hash Function Based Multiple Authentication
2012 (English)In: Lecture Notes in Computer Science, Vol. 7618 / [ed] Chim, Tat Wing and Yuen, Tsz Hon, 2012, p. 303-310Conference paper, Published paper (Refereed)
Abstract [en]

Universal hash function based multiple authentication was originally proposed by Wegman and Carter in 1981. In this authentication, a series of messages are authenticated by first hashing each message by a fixed (almost) strongly universal$_2$ hash function and then encrypting the hash value with a preshared one-time pad. This authentication is unconditionally secure. In this paper, we show that the unconditional security cannot be guaranteed if the hash function output for the first message is not encrypted, as remarked in [Atici and Stinson, CRYPTO '96. LNCS, vol. 1109]. This means that it is not only sufficient, but also necessary, to encrypt the hash of every message to be authenticated in order to have unconditional security. The security loss is demonstrated by a simple existential forgery attack.

Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 7618
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-84732 (URN)10.1007/978-3-642-34129-8_27 (DOI)978-3-642-34128-1 (ISBN)978-3-642-34129-8 (ISBN)
Conference
14th International Conference on Information and Communications Security, ICICS 2012, Hong Kong, China, October 29-31, 2012
Projects
ICG QC
Available from: 2012-10-18 Created: 2012-10-18 Last updated: 2018-02-12
Abidin, A., Pacher, C., Lorünser, T., Larsson, J.-Å. & Peev, M. (2011). Quantum cryptography and authentication with low key-consumption. In: Proceedings of SPIE - The International Society for Optical Engineering: . Paper presented at Quantum-Physics-Based Information Security, Prague, 19-21 September 2011 (pp. 818916).
Open this publication in new window or tab >>Quantum cryptography and authentication with low key-consumption
Show others...
2011 (English)In: Proceedings of SPIE - The International Society for Optical Engineering, 2011, p. 818916-Conference paper, Published paper (Refereed)
Abstract [en]

Quantum Key Distribution (QKD - also referred to as Quantum Cryptography) is a technique for secret key agreement. It has been shown that QKD rigged with Information-Theoretic Secure (ITS) authentication (using secret key) of the classical messages transmitted during the key distribution protocol is also ITS. Note, QKD without any authentication can trivially be broken by man-in-the-middle attacks. Here, we study an authentication method that was originally proposed because of its low key consumption; a two-step authentication that uses a publicly known hash function, followed by a secret strongly universal2 hash function, which is exchanged each round. This two-step authentication is not information-theoretically secure but it was argued that nevertheless it does not compromise the security of QKD. In the current contribution we study intrinsic weaknesses of this approach under the common assumption that the QKD adversary has access to unlimited resources including quantum memories. We consider one implementation of Quantum Cryptographic protocols that use such authentication and demonstrate an attack that fully extract the secret key. Even including the final key from the protocol in the authentication does not rule out the possibility of these attacks. To rectify the situation, we propose a countermeasure that, while not informationtheoretically secure, restores the need for very large computing power for the attack to work. Finally, we specify conditions that must be satisfied by the two-step authentication in order to restore informationtheoretic security.

Series
Proceedings of SPIE, ISSN 0277-786X ; 8189
National Category
Other Physics Topics
Identifiers
urn:nbn:se:liu:diva-76601 (URN)10.1117/12.898344 (DOI)978-081948817-6 (ISBN)
Conference
Quantum-Physics-Based Information Security, Prague, 19-21 September 2011
Projects
ICG QC
Available from: 2012-04-12 Created: 2012-04-12 Last updated: 2016-09-07Bibliographically approved
Abidin, A. (2010). Weaknesses of Authentication in Quantum Cryptography and Strongly Universal Hash Functions. (Licentiate dissertation). Linköping: Linköping University Electronic Press
Open this publication in new window or tab >>Weaknesses of Authentication in Quantum Cryptography and Strongly Universal Hash Functions
2010 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Authentication is an indispensable part of Quantum Cryptography, which is an unconditionally secure key distribution technique based on the laws of nature. Without proper authentication, Quantum Cryptography is vulnerable to “man-in-the-middle” attacks. Therefore, to guarantee unconditional security of any Quantum Cryptographic protocols, the authentication used must also be unconditionally secure. The standard in Quantum Cryptography is to use theWegman-Carter authentication, which is unconditionally secure and is based on the idea of universal hashing.

In this thesis, we first investigate properties of a Strongly Universal hash function family to facilitate understanding the properties of (classical) authentication used in Quantum Cryptography. Then, we study vulnerabilities of a recently proposed authentication protocol intended to rule out a "man-in-the-middle" attack on Quantum Cryptography. Here, we point out that the proposed authentication primitive is not secure when used in a generic Quantum Cryptographic protocol. Lastly, we estimate the lifetime of authentication using encrypted tags when the encryption key is partially known. Under simplifying assumptions, we derive that the lifetime is linearly dependent on the length of the authentication key. Experimental results that support the theoretical results are also presented.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2010. p. 37
Series
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1447
National Category
Mathematics
Identifiers
urn:nbn:se:liu:diva-57290 (URN)978-91-7393-354-4 (ISBN)
Supervisors
Projects
ICG QC
Available from: 2010-06-16 Created: 2010-06-16 Last updated: 2016-08-31Bibliographically approved
Abidin, A. & Larsson, J.-Å. (2009). Special Properties of Strongly Universal2 Hash Functions Important in Quantum Cryptography. In: AIP Conference Proceedings, ISSN 0094-243X, Foundations of Probability and Physics—5, Växjö, augusti 2008. Paper presented at Foundations of Probability and Physics—5, Växjö, augusti 2008 (pp. 289-293). New York: American Institute of Physics, 1101
Open this publication in new window or tab >>Special Properties of Strongly Universal2 Hash Functions Important in Quantum Cryptography
2009 (English)In: AIP Conference Proceedings, ISSN 0094-243X, Foundations of Probability and Physics—5, Växjö, augusti 2008, New York: American Institute of Physics , 2009, Vol. 1101, p. 289-293Conference paper, Published paper (Refereed)
Abstract [en]

Secure message authentication is an important part of Quantum Key Distribution. In this paper we analyze special properties of a Strongly Universal2 hash function family, an understanding of which is important in the security analysis of the authentication used in Quantum Cryptography. We answer the following question: How much of Alices message does Eve need to influence so that the message along with its tag will give her enough information to create the correct tag for her message?

Place, publisher, year, edition, pages
New York: American Institute of Physics, 2009
Keywords
Quantum cryptography, Quantum theory, Probability
National Category
Mathematics
Identifiers
urn:nbn:se:liu:diva-18738 (URN)10.1063/1.3109951 (DOI)
Conference
Foundations of Probability and Physics—5, Växjö, augusti 2008
Projects
ICG QC
Available from: 2009-06-03 Created: 2009-06-03 Last updated: 2016-08-31
Abidin, A. & Larsson, J.-Å. (2009). Vulnerability of "A Novel Protocol-Authentication Algorithm Ruling out a Man-in-the-Middle Attack in Quantum Cryptography". International Journal of Quantum Information, 7(5), 1047-1052
Open this publication in new window or tab >>Vulnerability of "A Novel Protocol-Authentication Algorithm Ruling out a Man-in-the-Middle Attack in Quantum Cryptography"
2009 (English)In: International Journal of Quantum Information, ISSN 0219-7499, Vol. 7, no 5, p. 1047-1052Article in journal (Refereed) Published
Abstract [en]

In this paper, we review and comment on "A novel protocol-authentication algorithm ruling out a man-in-the-middle attack in quantum cryptography" [M. Peev et al., Int. J. Quant. Inf. 3 (2005) 225]. In particular, we point out that the proposed primitive is not secure when used in a generic protocol, and needs additional authenticating properties of the surrounding quantum-cryptographic protocol.

Keywords
Quantum cryptography, quantum key distribution, authentication
National Category
Natural Sciences
Identifiers
urn:nbn:se:liu:diva-20405 (URN)10.1142/S0219749909005754 (DOI)
Projects
ICG QC
Available from: 2009-09-08 Created: 2009-09-07 Last updated: 2019-08-15Bibliographically approved
Abidin, A. & Larsson, J.-Å.Lifetime of Authentication Using Encrypted Tags When the Encryption Key is Partially Known.
Open this publication in new window or tab >>Lifetime of Authentication Using Encrypted Tags When the Encryption Key is Partially Known
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Quantum cryptography is an unconditionally secure key growing technique provided that an unconditionally secure authentication protocol is combined with it. This paper is about the study of the lifetime of a message authentication scheme, where a message to be authenticated is first hashed by a secret–but fixed–Strongly Universal hash function then the output is encrypted with a one-time-pad key to generate a tag for the message. If the onetime-pad is completely secret, then the lifetime is exponential in the tag length. If, however, the one-time-pad key is partially known in each authentication round, as is the case in practical quantum key distribution protocols, then the picture is different; because the adversary’s partial knowledge of the one-time-pad key in each authentication round contributes to his/her ability to identify the secret hash function. We estimate the lifetime of this type of authentication. Here the parameters are the length of the key identifying the secret hash function and the amount of knowledge that Eve has on the one-time-pad. A theoretical estimate is presented, along with experimental results that support it.

Keywords
Quantum cryptography, quantum key distribution, authentication, strongly universal hash functions, lifetime
National Category
Mathematics
Identifiers
urn:nbn:se:liu:diva-57289 (URN)
Projects
ICG QC
Available from: 2010-06-16 Created: 2010-06-16 Last updated: 2016-08-31
Organisations

Search in DiVA

Show all publications